Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

eBay faces class-action suit over breach

A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.

After a high-profile data breach forced eBay to ask its customers to reset their passwords and following criticism of how it responded to the breach, the internet company is being taken to court as part of a class-action suit.

Louisiana resident Collin Green filed a consumer privacy class-action suit in U.S. District Court for the Eastern District of Louisiana on Wednesday, accusing the internet company of failing to secure private information.

Noting that eBay “holds personal information of is more than 120 million active customers in electronic files it declares ‘secure',” the complaint says because the company didn't protect it properly it “has caused, and is continuing to cause, damage to its customers.”

The suit provided a litany of information that eBay collects and stores — from credit card, shipping and geo-location data to statistics on page views, mobile phone numbers and community discussions — that could be used for identity theft, though the plaintiff admitted to being “unsure how much, if any, of these additional highly detailed classes of personal information were also stolen due to eBay's failures.”

The complaint also chided eBay for revealing the breach May 21 months after it occurred (in February or March) and only after it had been widely reported.

Noting that the company was well aware, as it stated in its 2014 10-Q SEC, that it was “subject to online security risks, including security breaches,” and was well aware of reporting requirements, the plaintiff claims that eBay did not only failed to protect data but withheld customer notification in an attempt to avoid negative market perception and damage to its bottom line.

“eBay's profit-driven decision to withhold the fact of its security lapse further damaged the class members who were prevented from immediately mitigating the damages from the theft,” the suit said.

Green is suing eBay for negligence, violation of the Federal Stored Communications Act and Louisiana's breach notification law as well as those of other states, breach of contract and breach of implied contract.

The suit also charges eBay with breach of fiduciary duty, bailment, and violation of the Gramm-Leach-Bliley Act as well as the federal Fair Credit Reporting Act and is asking for class-action certification, compensatory and consequential damages as well as attorney fees.

In May, eBay posted a FAQ saying that financial information, as well as Social Security numbers, Taxpayer Identification numbers and National Identification numbers, were not compromised. It asked customers to reset their passwords, which the company recently noted had an impact on its financials.

Despite second quarter financials that were on par or slightly better than predicted, eBay had a “challenging quarter” and took significant “body blows” CEO Jack Donahoe said during an evening earnings call last week, according to a report in SCMagazineUK.com.

Donahoe contended that the password reset, which drew criticism from some, had resulted in a decline in user activity that has yet to reach previous levels.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.